in packages/aws-rfdk/lib/core/lib/cloudwatch-agent.ts [180:229]
/**
 * Runs the CloudWatch agent configuration script on the given host.
 *
 * When `shouldInstallAgent` is true, the host is first granted S3 read access to the
 * region-specific CloudWatch Agent bucket and to the region-specific RFDK
 * external-dependencies bucket that holds the GPG installer files.
 *
 * @param host - The script host that receives the permissions and executes the script.
 * @param shouldInstallAgent - Grant installer access and pass the install flag to the script.
 * @param skipValidation - Pass the flag that skips CloudWatch agent validation to the script.
 * @throws Error when installation is requested but `canInstallAgent` rejects the
 *   host OS / region combination.
 */
private configure(
  host: IScriptHost,
  shouldInstallAgent: boolean,
  skipValidation: boolean,
) {
  const region = Stack.of(this).region;

  if (shouldInstallAgent) {
    const installSupported = this.canInstallAgent(host.osType, region);
    if (!installSupported) {
      const osName = OperatingSystemType[host.osType];
      throw new Error(`Cannot install CloudWatch Agent in region "${region}" ` +
        `for OS "${osName}" ` +
        'because RFDK hosted files are not available in that region.');
    }

    // Read access to the CloudWatch Agent installer files for this region.
    // NOTE(review): unlike the GPG statement below, this grant carries no
    // 's3:ResourceAccount' condition in this method, so the permission is scoped by
    // bucket name only. Confirm whether the bucket owner should be pinned here too.
    const agentInstallerBucket = Bucket.fromBucketArn(this, 'CloudWatchAgentBucket', `arn:aws:s3:::amazoncloudwatch-agent-${region}`);
    agentInstallerBucket.grantRead(host);

    // Read access to the GPG installer files. The statement is limited to objects
    // owned by the RFDK service account, so a same-named bucket in any other
    // account does not satisfy it.
    const gpgInstallerBucket = Bucket.fromBucketArn(this, 'GpgBucket', `arn:aws:s3:::rfdk-external-dependencies-${region}`);
    const principal = host.grantPrincipal;
    const gpgReadStatement = new PolicyStatement({
      actions: ['s3:GetObject'],
      // NOTE(review): s3:GetObject is an object-level action, so the bare bucket ARN
      // is presumably redundant next to the object ARN pattern. TODO confirm.
      resources: [gpgInstallerBucket.bucketArn, gpgInstallerBucket.arnForObjects('*')],
      conditions: {
        StringEquals: {
          // Download from bucket in RFDK service account
          's3:ResourceAccount': '224375009292',
        },
      },
    });
    principal.addToPrincipalPolicy(gpgReadStatement);
  }

  // Flags must come before the positional arguments for some scripts.
  // The region passed here assumes that this construct is deployed in the same region
  // as the instance or ASG using it.
  const scriptArgs = [
    ...(shouldInstallAgent ? [CloudWatchAgent.INSTALL_CWAGENT_FLAG] : []),
    ...(skipValidation ? [CloudWatchAgent.SKIP_CWAGENT_VALIDATION_FLAG] : []),
    region,
    this.ssmParameterForConfig.parameterName,
  ];

  this.configurationScript.executeOn({
    host,
    args: scriptArgs,
  });
}